JAAS - Authorization modules should only be responsible to add ACL
------------------------------------------------------------------
Key: MAGNOLIA-1532
URL: http://jira.magnolia.info/browse/MAGNOLIA-1532
Project: Magnolia
Issue Type: Improvement
Components: security
Affects Versions: 3.1 M1
Reporter: Sameer Charles
Assigned To: Sameer Charles
Fix For: 3.1
Current implementation of JCR Authorization module forces you to duplicate
users in JCR even if authentication source is external.
IMHO
- Authentication module should check for credentials (like it is now) in
addition collect groups and roles together with details like user language,
email etc..
- Authorization module can use above information to read access control list
for this user
this will help us develope authentication modules for any data/directory source
without having to duplicate users in JCR
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/developer.html
----------------------------------------------------------------
